prolearn← Back home

Privacy Policy

Effective date: [EFFECTIVE_DATE]·Last updated: [EFFECTIVE_DATE]

1. Introduction

ProLearn, operated by [COMPANY_LEGAL_NAME] ("ProLearn," "we," "our," or "us"), respects your privacy. This Policy explains what data we collect, why we collect it, how long we keep it, and how you can control it when you use the ProLearn AI doubt-solving mobile application (the "App") and related services.

ProLearn is designed for students of all classes from any Indian school board. This Policy is governed by the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Digital Personal Data Protection Rules, 2025 ("DPDP Rules").

By using ProLearn, you (and your parent or legal guardian, if you are under 18) confirm that you have read, understood, and accepted this Privacy Policy.

2. Quick-Look Summary

Here is everything we collect at a glance:

Data CategoryItems We CollectPrimary PurposeRetention
Contact InfoName, phone number (yours or parent/guardian's)Account creation, communication, OTP verificationUntil account deletion
Academic InfoClass, boardPersonalize contentUntil account deletion
User ContentPhotos uploaded from camera or gallery, follow-up text, AI solutionsProvide doubt-solving serviceAs long as necessary
IdentifiersUser ID, device ID, advertising IDLogin, fraud prevention, app functionalityAs long as necessary
Usage ActivityScreens viewed, taps, clicks, time spent, navigation paths, subjects studiedEducational service improvement, performance reportsAs long as necessary
DiagnosticsCrash logs, performance metricsApp stability and bug fixesAs long as necessary
Transaction RecordsSubscription ID, amount, status (no card/UPI details stored)Subscription management, GST compliance8 years (legal requirement)

3. Data We Do NOT Collect

We do not access or collect:

  • Precise GPS location
  • Health data or biometric data
  • Your passwords (we use OTP-based authentication)
  • Credit card numbers, debit card numbers, UPI IDs, or bank account details — these are handled directly by our payment partner
  • Your phone contacts, photos in your gallery you have not uploaded to ProLearn, or your call/SMS history

Note: You can upload photos to ProLearn from your device camera or from your photo gallery. We only access photos you explicitly choose to upload — we never access your entire gallery without your action.

4. Personal & Device Information We Collect

4.1 Registration data

During signup, we collect:

  • Full name
  • Mobile phone number — used for OTP verification, account creation, and communication. If the user is under 18, this is the parent or guardian's number.
  • Class (which grade you study in)
  • Board (the school board you follow)

4.2 Learning activity data

  • Photos you upload (from your device camera or from your photo gallery) of textbook pages, handwritten questions, or study materials
  • Text of follow-up questions you ask the AI
  • AI-generated solutions and explanations provided to you
  • Subjects studied, chapters viewed, time spent on questions

4.3 In-app activity data

To improve our educational services, we collect data about how you interact with the App, including:

  • Screens you visit and time spent on each
  • Buttons and features you tap or use
  • Subjects, chapters, and topics you study most frequently
  • Frequency and patterns of doubt submissions
  • Feature usage (e.g., voice follow-up vs text follow-up)

This data is used strictly for the purpose of improving the educational quality and usability of ProLearn. It is not used for advertising, profiling for commercial purposes, or shared with third parties for marketing.

4.4 Technical data

  • Device model, OS version, App version
  • Device identifier and (with your permission) advertising identifier
  • Truncated IP address (city-level location only — we do not access GPS)
  • Network type (Wi-Fi or mobile data)

5. How We Use Your Data

5.1 To provide the service

  • Process photos and questions through third-party AI services (currently Google Gemini and other AI providers) to generate solutions
  • Maintain your account, profile, doubt history, and subscription status
  • Personalize content based on your class

5.2 Communication

You hereby explicitly consent to receive email, telephone, WhatsApp, push notification, or text messages from us, our subsidiaries, associates, or affiliates, for the purpose of providing alerts and information related to services, account updates, and product offerings.

This consent shall override any registration you may have done in your respective jurisdiction to opt out of such communications, including registration with a Do-Not-Call Registry, as applicable. You may opt out of non-essential marketing communications at any time through the App settings or by emailing [DPO_EMAIL].

5.3 Educational service improvement

We use aggregated and anonymized usage data to understand which learning features are most useful, where users struggle, and how to improve the educational quality of ProLearn. This processing is consistent with the legitimate educational purpose for which you use our service.

5.4 Legal and security

  • Detect fraud and prevent abuse
  • Comply with lawful requests from Indian authorities
  • Maintain records required by Indian law (taxation, financial regulations)

6. AI Processing of Your Content

When you upload a photo or ask a question, the content is sent securely to our third-party AI partners (currently Google Gemini, and potentially other AI providers we may use in the future) for processing. The AI generates a solution that is sent back to you in seconds.

Your uploaded content is governed by both this Privacy Policy and the AI partner's own privacy policies. We choose AI partners that meet enterprise-grade data protection standards.

7. Data Retention

7.1 General principle

We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including for the purposes of providing our services, complying with applicable legal obligations, resolving disputes, and enforcing our Terms of Service. We will only retain personal information as long as necessary for the fulfilment of those purposes, unless a longer retention period is required or permitted by Indian law.

7.2 Specific retention required by law

Where Indian law requires us to retain specific data for a defined period, we will do so:

  • Transaction records — retained for 8 years as required by Indian taxation law (GST, Income Tax)

7.3 Account deletion

You may delete your account at any time from the App settings or by emailing [DPO_EMAIL]. When you delete your account, we will delete all your personal data within 30 days, including: your profile information, uploaded photos, AI-generated solutions, doubt history, and communication logs.

Exception: Limited data must be retained where required by Indian law (e.g., transaction records for 8 years under tax laws). Such retained data is not used for any other purpose.

7.4 Backup and technical retention

You should note that personal information may persist for limited additional time in our backup systems due to technical and legal constraints, including stored backup systems. Such data is not actively used and is purged according to our backup retention schedules.

8. Users Under 18 and Parental Consent

8.1 Phone number is the parent or guardian's number

During signup, ProLearn collects a single mobile phone number. If the user is under 18, this phone number is required to be the parent or guardian's number. By providing the phone number and completing OTP verification, the parent or guardian:

  • Provides their consent for the minor to use ProLearn
  • Acknowledges this Privacy Policy
  • Takes responsibility for supervising the minor's use of the App

If the user is 18 or older, the phone number provided is their own.

8.2 Deemed consent

Where ProLearn is used by a person under 18, use of the service is deemed to be made available by the parent or legal guardian who has agreed to this Privacy Policy and the Terms of Service. We will not be responsible for any consequence arising from misrepresentation of age or unauthorized use by a minor without parental supervision.

8.3 Educational purpose framing

ProLearn is an educational service. Some processing of children's data — including in-app activity tracking — is undertaken for the legitimate educational purpose of improving the App and the learning experience. This processing is permitted under the DPDP Rules 2025 (Schedule IV exemptions applicable to educational services), provided it is limited to the educational purpose.

8.4 What we DO NOT do with minor users' data

Even though some in-app tracking is permitted for educational purposes, we do not:

  • Engage in targeted advertising to minors
  • Build commercial advertising profiles or behavioral profiles for marketing
  • Engage in cross-app or cross-site tracking of minors
  • Record sessions or capture screen activity beyond what is needed for crash reporting and aggregated analytics
  • Sell, rent, or commercially share children's personal data with third parties
  • Use children's data for any purpose beyond education and service improvement

8.5 Parent rights

Parents and legal guardians can at any time email [DPO_EMAIL] to:

  • Request review of personal data collected about their child
  • Request correction or deletion of the child's data
  • Withdraw consent for further processing (results in account deletion)

9. Third-Party SDKs and Service Providers

We work with the following third parties to provide ProLearn. Each is contractually bound to protect your information:

PartnerPurposeData SharedOpt-Out
Google Gemini (AI)AI doubt processingPhotos, questions textDiscontinue use of App
Google Cloud Platform (GCP)Server hosting (India region)All account data, photos, historyDiscontinue use of App
[PAYMENT_GATEWAY]Subscription payments and auto-renewalsTransaction info only (no card/UPI details)Cancel subscription
[NOTIFICATION_PLATFORM]Push notifications, in-app messages, emailUser ID, event data, notification preferencesTurn off notifications in App settings
Firebase (Google)Push delivery infrastructure, crash reporting, analyticsDevice info, app events, crash logsDisable in App settings

We do not sell or rent your personal data. All partners process data under strict contracts and their own privacy policies.

10. Payment Processing

You may from time to time choose to provide payment-related financial information (credit card, debit card, UPI ID, bank account details, etc.) on the App. We are committed to keeping all such sensitive data safe at all times and ensure that such data is transacted over secure approved payment gateways which are digitally encrypted, providing the highest possible degree of care available under the technology presently in use.

All payment processing is handled by [PAYMENT_GATEWAY], an RBI-regulated payment aggregator and PCI-DSS compliant payment partner. We do not store your credit card numbers, debit card numbers, UPI IDs, or bank account details on our servers. We receive only transaction confirmations (transaction ID, amount, status, subscription type) from the payment partner.

[COMPANY_LEGAL_NAME] will not use your financial information for any purpose other than to complete a transaction with you.

11. International Data Transfers

Our primary servers are located in India (Google Cloud Platform India regions). However, some of our third-party processors (such as Google Gemini and Firebase) may process data on servers outside India, primarily in the United States. Where this happens, we ensure transfers comply with the DPDP Act and use only countries that have not been restricted by the Government of India.

12. Your Rights Under the DPDP Act

As a Data Principal under the DPDP Act 2023, you have the right to:

  • Access — Request a copy of personal data we hold about you
  • Correction — Request correction of inaccurate data
  • Erasure — Request deletion of data we no longer need
  • Grievance redressal — Contact our Data Protection Officer with complaints
  • Withdraw consent — At any time (may result in service termination)
  • Nominate — Designate another person to exercise your rights on your behalf

To exercise any of these rights, email [DPO_EMAIL] with the subject "Data Rights Request." We will respond within 30 days.

13. How We Protect Your Data

We use industry-standard security measures:

  • Encryption in transit (TLS 1.2 or above)
  • Encryption at rest (AES-256) for stored data
  • Role-based access controls — only authorized employees access user data
  • Regular security audits and penetration testing
  • Incident response protocols for data breaches

While no system is 100% secure, we continuously improve our safeguards. In the event of a personal data breach that may affect your data, we will notify the Data Protection Board of India and affected users within 72 hours, as required by the DPDP Act.

14. External Links and Third-Party Services

The App may include hyperlinks to other websites, content, or resources. We have no control over external sites and are not responsible for their content or privacy practices.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App and via your registered phone number at least 14 days before the changes take effect.

16. Disclosure of Information

We may disclose your personal information in the following circumstances:

  • Court Orders or legal procedures requiring disclosure
  • Lawful requests from Indian government authorities or law enforcement
  • To prevent imminent physical harm, financial loss, or fraud
  • To investigate violations of our Terms of Service
  • In the event we are acquired by or merged with another company (with prior notice to you)

17. Confidentiality

Your information is regarded as confidential and will not be divulged to any third party, unless legally required. We will not sell, share, or rent your personal information to any third party or use your phone number for unsolicited communications.

18. Grievance Officer

In accordance with the Information Technology Act 2000 and DPDP Act 2023:

  • Name: [FOUNDER_NAME]
  • Email: [DPO_EMAIL]
  • Phone: [PHONE]
  • Address: [COMPANY_ADDRESS]

Response time: Within 30 days of receiving your grievance.

19. Disputes and Jurisdiction

All disputes arising from or related to this Privacy Policy will be resolved through a two-step Alternate Dispute Resolution mechanism:

Stage 1 — Mediation: Disputes will first be attempted to be resolved by a sole mediator, mutually appointed by both parties.

Stage 2 — Arbitration: If mediation does not yield a result, arbitration shall follow. The arbitrator's award shall be final and binding. Arbitration shall be held in [STATE_JURISDICTION], India.

If unresolved, courts at [STATE_JURISDICTION], India shall have exclusive jurisdiction.

20. Contact Us

For privacy questions, data requests, or concerns:

  • Email: [DPO_EMAIL]
  • Phone: [PHONE]
  • Website: [WEBSITE_DOMAIN]
  • Address: [COMPANY_ADDRESS]
Privacy PolicyTerms of Service